ZipRecruiter
Senior Security Assurance Controls Manager
ZipRecruiter, Mountain View, California, us, 94039
Overview
ID.me is the next- digital wallet that simplifies how individuals securely prove their identity online. Consumers can verify with ID.me once and seamlessly log in across websites without having to create a new login. ID.me serves over 152 million users at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. ID.me’s technology meets federal standards for consumer authentication and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me strives to enable secure digital access for all people. To learn more, visit the company website.
Role Overview
ID.me is seeking a
Senior Security Assurance Controls Manager
to lead the development, implementation, and ongoing operation of our internal control program for external security and privacy frameworks including FedRAMP, ISO 27001, and SOC 2. This role is critical to maintaining the trust of our customers and regulatory stakeholders by ensuring that security and compliance requirements are met across ID.me’s product and infrastructure landscape. You will work cross-functionally with Engineering, Product, Security, GRC, and external auditors to design scalable control strategies, validate control effectiveness, and operationalize continuous monitoring. Responsibilities
Framework Ownership: Serve as the day-to-day owner for one or more frameworks (e.g., FedRAMP, ISO 27001, SOC 2), ensuring alignment between framework requirements and internal controls. Control Lifecycle Management: Collaborate with control owners to design, implement, document, and monitor controls. Define control objectives, implementation guidance, and assurance requirements. Audit & Assessment Readiness: Coordinate internal and external audits by developing audit plans, preparing walkthroughs, and managing evidence collection activities. Continuous Monitoring: Maintain a recurring schedule of control validations based on framework-specific frequency requirements (e.g., FedRAMP ConMon). Track control health and remediation actions. Gap Analysis & Risk Assessments: Lead gap analyses between new framework requirements and existing control coverage. Facilitate Security Impact Assessments (SIAs) to assess compliance implications of changes and identify risks. Compliance Documentation: Manage organizational policies. Ensure up-to-date, reviewer-approved documentation exists for policies, procedures, and implementation statements. Lead annual reviews and updates. Control Remediation & POA&M Management: Partner with control owners to define corrective actions, manage Plans of Action & Milestones (POA&Ms), and track resolution through closure. Propose and coordinate the design of controls to mitigate risks. Stakeholder Engagement: Act as a trusted partner to engineering, product, infrastructure, and customer-facing teams. Provide clear guidance on what controls are required, why, and how to satisfy them. Tooling & Metrics: Support the use of GRC and data pipelines to automate evidence collection, track control status, and generate metrics for reporting. Internal and External Reporting: Contribute to executive and board-level reporting, as well as external customer reporting such as through Continuous Monitoring reports. Basic Qualifications
Bachelor's degree in Information Security, Computer Science, Engineering, Risk Management, or related field—or equivalent practical experience. 7–10+ years of experience managing and operating security/compliance programs, including at least one of: FedRAMP, ISO 27001, or SOC 2. 3–5+ years of experience managing third-party audits (e.g., ATO, SOC, ISO certs), including evidence preparation, auditor interface, and corrective actions. Qualifications
Experience leading or contributing to FedRAMP Continuous Monitoring (ConMon) activities or significant change requests (SCR). Proficient in project management: planning, tracking, reporting, and issue resolution. Strong understanding of security control domains (e.g., access control, vulnerability management, encryption, logging, change management). Experience working in cloud environments (AWS, GCP). Familiarity with GRC platforms such as LogicGate, ServiceNow GRC, or Archer. Deep understanding of control implementation across cloud- and DevOps environments. CISSP, CISA, CCSK, or ISO 27001 Lead Auditor certification. Cloud security certifications (e.g., GCP, AWS) are a plus. Experience working in SaaS or regulated environments (e.g., healthcare, finance, government). Compensation & Benefits
The annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role. ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts, basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, unlimited paid time off subject to the terms and conditions of the PTO policy, company holidays, short and long-term disability, and other benefits. Final offers may vary based on qualifications and role specifics. U.S. Pay Range: $157,485—$193,875. Mountain View, CA Pay Range: $194,803—$248,115. EEO & Accessibility
ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. ID.me is an equal opportunity employer and does not discriminate against any employee or applicant on the basis of race, color, religion, sex, national origin, age, disability, veteran status, or other protected characteristics. ID.me provides reasonable accommodations to qualified individuals in accordance with applicable laws and regulations. Upon request we will provide more information about such accommodations. Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms in our Privacy Policy. ID.me participates in E-Verify.
#J-18808-Ljbffr
ID.me is the next- digital wallet that simplifies how individuals securely prove their identity online. Consumers can verify with ID.me once and seamlessly log in across websites without having to create a new login. ID.me serves over 152 million users at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. ID.me’s technology meets federal standards for consumer authentication and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me strives to enable secure digital access for all people. To learn more, visit the company website.
Role Overview
ID.me is seeking a
Senior Security Assurance Controls Manager
to lead the development, implementation, and ongoing operation of our internal control program for external security and privacy frameworks including FedRAMP, ISO 27001, and SOC 2. This role is critical to maintaining the trust of our customers and regulatory stakeholders by ensuring that security and compliance requirements are met across ID.me’s product and infrastructure landscape. You will work cross-functionally with Engineering, Product, Security, GRC, and external auditors to design scalable control strategies, validate control effectiveness, and operationalize continuous monitoring. Responsibilities
Framework Ownership: Serve as the day-to-day owner for one or more frameworks (e.g., FedRAMP, ISO 27001, SOC 2), ensuring alignment between framework requirements and internal controls. Control Lifecycle Management: Collaborate with control owners to design, implement, document, and monitor controls. Define control objectives, implementation guidance, and assurance requirements. Audit & Assessment Readiness: Coordinate internal and external audits by developing audit plans, preparing walkthroughs, and managing evidence collection activities. Continuous Monitoring: Maintain a recurring schedule of control validations based on framework-specific frequency requirements (e.g., FedRAMP ConMon). Track control health and remediation actions. Gap Analysis & Risk Assessments: Lead gap analyses between new framework requirements and existing control coverage. Facilitate Security Impact Assessments (SIAs) to assess compliance implications of changes and identify risks. Compliance Documentation: Manage organizational policies. Ensure up-to-date, reviewer-approved documentation exists for policies, procedures, and implementation statements. Lead annual reviews and updates. Control Remediation & POA&M Management: Partner with control owners to define corrective actions, manage Plans of Action & Milestones (POA&Ms), and track resolution through closure. Propose and coordinate the design of controls to mitigate risks. Stakeholder Engagement: Act as a trusted partner to engineering, product, infrastructure, and customer-facing teams. Provide clear guidance on what controls are required, why, and how to satisfy them. Tooling & Metrics: Support the use of GRC and data pipelines to automate evidence collection, track control status, and generate metrics for reporting. Internal and External Reporting: Contribute to executive and board-level reporting, as well as external customer reporting such as through Continuous Monitoring reports. Basic Qualifications
Bachelor's degree in Information Security, Computer Science, Engineering, Risk Management, or related field—or equivalent practical experience. 7–10+ years of experience managing and operating security/compliance programs, including at least one of: FedRAMP, ISO 27001, or SOC 2. 3–5+ years of experience managing third-party audits (e.g., ATO, SOC, ISO certs), including evidence preparation, auditor interface, and corrective actions. Qualifications
Experience leading or contributing to FedRAMP Continuous Monitoring (ConMon) activities or significant change requests (SCR). Proficient in project management: planning, tracking, reporting, and issue resolution. Strong understanding of security control domains (e.g., access control, vulnerability management, encryption, logging, change management). Experience working in cloud environments (AWS, GCP). Familiarity with GRC platforms such as LogicGate, ServiceNow GRC, or Archer. Deep understanding of control implementation across cloud- and DevOps environments. CISSP, CISA, CCSK, or ISO 27001 Lead Auditor certification. Cloud security certifications (e.g., GCP, AWS) are a plus. Experience working in SaaS or regulated environments (e.g., healthcare, finance, government). Compensation & Benefits
The annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role. ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts, basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, unlimited paid time off subject to the terms and conditions of the PTO policy, company holidays, short and long-term disability, and other benefits. Final offers may vary based on qualifications and role specifics. U.S. Pay Range: $157,485—$193,875. Mountain View, CA Pay Range: $194,803—$248,115. EEO & Accessibility
ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. ID.me is an equal opportunity employer and does not discriminate against any employee or applicant on the basis of race, color, religion, sex, national origin, age, disability, veteran status, or other protected characteristics. ID.me provides reasonable accommodations to qualified individuals in accordance with applicable laws and regulations. Upon request we will provide more information about such accommodations. Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms in our Privacy Policy. ID.me participates in E-Verify.
#J-18808-Ljbffr